Chandler Swift
4d74ca100a
This approach was recommended by nixos.wiki, and formerly by wiki.nixos.org, which has since switched to instead mentioning `boot.initrd.network.udhcpc.enable = true;`. It's not entirely clear to me which has an advantage over the other.

This kernel parameter means that the kernel itself does the DHCP request, which is pretty neat! That seems to get set up in this file, though I haven't tracked down the exact details: https://github.com/torvalds/linux/blob/master/net/ipv4/ipconfig.c

It seems like udhcpc may _also_ be enabled (since networking.useDHCP is set for the main system?), so maybe that could be disabled, but this appears to work so I'm rolling with it for the time being!

Without the kernel param set, udhcpc tries and fails with errors like this:

```
<<< NixOS Stage 1 >>>
loading module dm_mod...
loading module af_packet...
running udev...
Starting systemd-udevd version 255.9
bringing up network interface eno1...
acquiring IP address via DHCP on eno1...
udhcpc: started, v1.36.1
udhcpc: broadcasting discover
udhcpc: broadcasting discover
udhcpc: broadcasting discover
udhcpc: no lease, failing
Passphrase for /dev/disk/by-uuid/00000000-0000-0000-0000-000000000000: _
```

Compare with a working output:

```
<<< NixOS Stage 1 >>>
loading module dm_mod...
loading module af_packet...
running udev...
Starting systemd-udevd version 255.9
bringing up network interface eno1...
acquiring IP address via DHCP on eno1...
udhcpc: started, v1.36.1
udhcpc: broadcasting discover
udhcpc: broadcasting discover
udhcpc: broadcasting discover
udhcpc: broadcasting select for 192.168.1.20, server 192.168.1.1
udhcpc: lease of 192.168.1.20 obtained from 192.168.1.1, lease time 43200
Passphrase for /dev/disk/by-uuid/00000000-0000-0000-0000-000000000000: _
```

Files in this repository:
- services
- configuration.nix
- hardware-configuration.nix
- Makefile
- README.md
Installation
- Install NixOS minimal
- Enable SSH server and add root SSH key
- Deploy updated config with `make`
- Set up Remote Disk Unlocking
  - `mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key`
- Deploy content to web services
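An added example, not taken from this repository, of how the remote-unlock pieces from the steps above and from the commit message fit together in a NixOS configuration. The `ip=dhcp` kernel parameter, the `e1000e` NIC module, port 2222 and the placeholder authorized key are assumptions; the host key path is the one generated in the step above.

```nix
{ config, lib, pkgs, ... }:

{
  # Kernel-side DHCP during early boot (the kernel parameter discussed in the
  # commit message; `ip=dhcp` is assumed here, parsed by net/ipv4/ipconfig.c).
  boot.kernelParams = [ "ip=dhcp" ];

  # The NIC driver must be present in the initrd, or there is no interface
  # to configure. Assumed module name; check hardware-configuration.nix.
  boot.initrd.availableKernelModules = [ "e1000e" ];

  boot.initrd.network = {
    enable = true;

    # The alternative the wiki now mentions instead of the kernel parameter:
    # udhcpc.enable = true;

    ssh = {
      enable = true;

      # Assumed port. A port other than 22 keeps the initrd host key from
      # colliding with the main system's sshd entry in client known_hosts.
      port = 2222;

      # Generated by the Installation step above. This key is copied into the
      # initrd on the unencrypted boot partition, so it is NOT protected by the
      # LUKS passphrase it is used to enter: keep it dedicated to this role and
      # pin it in the admin client's known_hosts.
      hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];

      # Only the admin key that is allowed to enter the passphrase (placeholder).
      authorizedKeys = [ "ssh-ed25519 AAAA...PLACEHOLDER admin@example" ];
    };
  };
}
```

After `ssh -p 2222 root@<host>` into the initrd, `cryptsetup-askpass` prompts for the passphrase and boot continues.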
Notes on Caddy
Until Caddy 2.8 arrives with NixOS 24.11, Caddy has a pretty limited sense of which content types should be compressed:
https://github.com/caddyserver/caddy/blob/v2.7.6/modules/caddyhttp/encode/encode.go#L85-L101
Specifically, this doesn't include GeoJSON, which is a bit of a shame for maps.chandlerswift.com. That said, I'll probably be upgrading to 24.11 as soon as it comes out, so in the intervening time I'm just not going to worry about it.
The list was expanded in this PR: